Security and EMR: How Afraid Should We Be?

Imagine the embarrassment of your sexual dysfunction being made public.

Imagine the worry, especially in this tenuous economy, of your employer finding out that you have a genetic condition that could grow to be debilitating.

Imagine trying to protect your family’s privacy only to discover that your child’s schoolmates have learned of his disability.

Emotional, financial, social privacy and security: that’s what we all expect of our medical records. Coming in a close second to the effective, affordable treatment itself is the expectation that that treatment, and the condition it’s treating, will remain completely confidential.

The introduction of electronic medical records has offered many benefits to both healthcare professionals and patients. EMR are easier to search, make it easier to find potential drug interactions, take up a tiny fraction of the physical space, make record-keeping much faster and easier, and allow us to move or share our records among our care team.

But do they risk the safety of our data? The answer to this question depends on two things. First is the infrastructure. Is it built without loopholes, with adequate encryption and protection?

But the second element – the one that I have heard much less about – on which our EMR security depends, is the people involved in the process. Whether our records are on paper in a folder in a filing cabinet, or data saved in a digital file, we rely on the physicians, physician assistants, nurse practitioners, nurses, clerks, receptionists, and all others – not only from our practitioner’s office, but also from our managed care provider, our banking institution, and all others who access our files.

We assume that everyone working with our files has been adequately trained, is working on adequate equipment, has adequate time to do their work, and is adequately following adequate procedures. That’s a lot of assumptions, it seems to me – and even the best structure can’t fix human error.

I’m impressed by the steps that the industry has taken since its inception, which have resulted in about half of all physicians using EMR. But I haven’t heard much about the people side of things. What are the training protocols? What are the background checks? Who are the people who have access to my records – how many different points of entry are we talking about?

We’ve got a bank with a crackerjack vault… but who’s guarding it, and how good are they at it?

I don’t suspect doctors or their staff of widespread ill intent – far from it. But what is the potential for error? Where do those decision points exist, and how are they being safeguarded?

I’m not raising my questions to make anyone afraid; just the opposite: I’d love to find official answers to put these questions to rest for good. Here at Pixels & Pills we’d love to do an interview with an EMR expert to answer these questions straight from the horse’s mouth. Are you one? Do you know one? Please get in touch.

Here’s my take. EMRs are infinitely more secure than paper records simply because they rely less on humans to actually be secure. It’s very difficult to inadvertently share EMRs outside of the system, which is a huge advantage. Contrast this to paper records, which are often accidentally left in the wrong place or simply lying around. Even the best protocols when it comes to paper records would have a hard time keeping up with the security provided even by the most lax EMR system.

The analogy I like to give to compare paper records’ security versus EMR security is by comparing it to a credit card. Many people are still nervous about using their credit card online despite it being a million times safer than using it in a store. The most insecure your account is with a physical credit card is when you hand it over to someone to pay for something. For example, handing your card to a waiter to pay your check. Do you think this is safer than buying something online that features 128-bit encryption? Guess again. Physical assets are almost always more insecure than digital ones and this is certainly the case with paper records versus EMRs.

Thanks, Phil!
I appreciate your comment and the sharing of your experience.
I’m pretty comfortable with a lot of my info being held electronically (online banking, EMRs, etc…), but I realize that it still terrifies a lot of the population.
Really interested to see where people go with this.